b. Phishing - It setting up fake Web sites or sending e-mail messages that look like legitimate businesses to ask users for confidential personal data. 

c. Pharming - It redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser.

d. Spoofing  - It misrepresenting oneself by using fake e-mail addresses or masquerading as someone else and redirecting Web link to address different from intended one, with site masquerading as intended destination.

1. Secure Sockets Layer (SSL) and successor Transport Layer Security (TLS) - it enables client & server computers to manage encryption & decryption activities; so they communicate with each other during a secure web session. 

2. Secure Hypertext Transfer Protocol (SHTTP) - is used for encrypting data flowing over the Internet but it is limited to individual messages, whereas SSL & TLS are designed to establish a secure connection between 2 computers.

1. Cyber warfare - State-sponsored activity designed to cripple & defeat another state or nation by penetrating its computers or networks for the purposes of causing damage & disruption.

2. Computer    Forensic -  Scientific collection,  examination,     authentication,  preservation,  and analysis of  data   from  computer  storage media  for  use  as  evidence in court of law and it includes recovery of ambient  and  hidden  data.

It is a combination of hardware and software that prevents unauthorized users from accessing private networks Static packet filtering - examines selected fields in the header of data packet flowing back and forth between the trusted network & Internet, examining individual packets in isolation.

It monitors hot spots on corporate networks to detect and deter intruders and examines events as they are happening to discover attacks in progress.

It checks computers for presence of malware and can often eliminate it as well. It requires continual updating. 

b) Information systems controls is one of the components of an organizational framework for security and control. Information systems controls consist of two - general and application control. A company must know how and where to deploy security tools and security personnel must know what controls a company must have in place to protect its information system. Contrast between General Controls and Application Controls. 

1. General Controls – It is a for govern design, security and use of computer programs and security of data files in general through out organization information technology infrastructure. It apply to all computerized applications. Moreover it is a combination of hardware, software and manual to create overall control environment.

2. Application controls – It specific controls unique to each computerized application such as payroll or order processing. It includes both automated ad manual procedure, for example input control, output control and processing controls. Moreover, it ensures that only authorized data are completely and accurately can processed by that applications. 

1. Viruses - Rogue software program that attaches itself to other software programs or data files in order to be executed.

2. Worms - Independent programs that copy themselves from one computer to other computers over a network.

3. Trojan Horses - Software that appears benign but does something other than expected and example is Zeus Trojan which runs on computer with MS Windows OS and used to steal login credentials for baking.
 

4. Spyware - Small programs install themselves surreptitiously on computers to monitor users Web surfing activity and serve up advertising.

Computer crime is any violations of criminal law that involves knowledge of computer technology for their perpetration, investigation, or prosecution. Some examples are breaching confidentiality of protected computerized data and accessing a computer system without authority. 

1. There are internet vulnerabilities which mean network is open to anyone and size of Internet means abuses can have wide impact. 

2. There are wireless security challenges whereby eavesdroppers can drive by buildings and try to intercept network traffic and hacker that gains access to SSID, has access to network’s resources. 

3. There are malicious software such as worms, viruses, Trojan horses and spyware. 

1. Identity management software which automatically keeps track of all users & privileges authenticates users, protecting identities, and controlling access.

2. Authentication which is a system that checks the identification of an end user who wants to access it. Some types of authentications are token, smart cards, biometric authentication and two-factor authentication.

3. Firewalls which is a combination of hardware and software that prevents unauthorized users from accessing private networks and provides additional security by determining whether packets are part of an on-going dialogue between sender & receiver 

Authentication is the technique by which a system checks the identification of a end user who wants to access it. Since entrance or access control is normally based on the identification of the user who demands access to a resource. Authentication is essential to effective security. 

1. Password Based Technologies - which is the most common form of authentication. Password may be of any form (String of alphabets, numbers and special characters). This password is necessarily to be known by the entity or the thing or a person that is being authenticated.

2. e-Token Based Technologies - which is a small device that develop/generates a new odd/random value every time it is used. This random value becomes the basis for authentication (an alternative to a password). It can be implemented on a USB key fob or on a smart card. Data is protected on the device itself.

3. Biometric Based Technologies - which is an authentication mention to the realization/recognition/identification of humans by their personality/characteristics such as Face, fingerprint, human voice, Retina, Iris pattern of the eye, vein pattern etc. It's used in computer science as a form of realization/recognition and access control. 

4. Two Factor Authentication aka multi-step verification - which adds another layer of security, supplementing the username and password model with a code that only a specific user has access to (typically sent to something they have immediately to hand). 

Ransomware - proliferating on both desktop & mobile devices that try to extort money from users by taking control of their computers or displaying annoying pop-up messages such as CryptoLocker that encrypts an infected computer files, forcing users to pay hundreds of dollars to regain access.

1. Install an up-to-date anti-malware or anti-virus tool like Malwarebytes or McAfee Anti-Malware which is an important part of computer’s security system. 

2. Scan attachments - Most malware tools give the ability to scan any emails or attachments before opening them. Emails and email attachments should be scanned before for malware before it is opened especially if they’re coming from an unknown sender.

3. Ask before open - If there’s uncertainty about an email attachment or link in an email, send a quick note to the person who sent it and ask them if it is legitimate. If the person doesn’t respond or gives a cryptic answer, do not open it.

Trust is an essential element of customer relationship. Computer crime can damage business' reputation and erode the trust that customers have for the organization. This could potentially lead to loss of customer, loss of sales and reduction in profits

The effect of reputational damage can even impact on suppliers, or affect relationships with partners, investors and other third parties vested in the business.

Data protection and privacy laws require organizations to manage the security of all personal data they hold whether on the staff or their customers. If this data is accidentally or deliberately compromised, and they have failed to deploy appropriate security measures, they may face fines and regulatory sanctions 

2. Who poses the biggest security threat: insiders or outsiders?

Insiders is the person who poses the biggest security threat because the insiders have the knowledge about the security of an organization. one of the things that the insiders to is hacking the security because they know better the flow of the organization compared to the outsiders. this is because the insiders have already entrusted with authorized access to at least some systems and applications on a corporate network. It can be very hard for those in IT to decipher whether he’s just performing his regular job tasks, or carrying out something sinister. An angry employee who already has access to company files could be secretly leaking documents to competitors, or he could be sabotaging systems or corrupting data because he is miffed at his employer.

3. Suppose your business had an e-commerce Web site where it sold goods and accepted credit card payments. Discuss the major security threats to this Web site and their potential impact. What can be done to minimize these threats?

 Malware which is the malicious software that attackers insert into the web files or pages once they have gained access to the site. Malware may be found on an individual’s computer if they have themselves fallen victim to a phishing attack or otherwise been compromised, or it may be inserted directly onto the website after a successful SQL injection or if administrative account access has been granted to a harmful entity. As with software, malware can perform an extremely wide range of activities, from turning the computer into a botnet that can be part of a DDoS attack, to stealing credit card and account information from the website users. One type of malware that targeted Magento site was able to take credit card information and store it in images so that the attacker could easily access it without flags being raised. In order to minimize these threats, ones need to update the computer operating systems and patch regularly in order to defend against malware and phishing. This will help prevent vulnerabilities from being exploited and help detect and block threats from entering the system. 

 

 

Cyberwarfare is a serious problem because it poses a unique and dauting a challenges for security experts, not only in detecting and preventing intrusions but also in tracking down prepetrators and bringing them to justice. The most prominent threats so far include the succesfull attacks on the FAA airline system, including one in 2006 that partially shut down air traffic data system in Alaska. And also the case of cyberspies that inflitrated the U.S electrical grid in April 2009 and left behind software programs whose purpose is unclear. Beside that, it also include the intruders that successfully penetrated the Pentagon’s 300 billion dollar joint strike fighter project and stole several terabytes of data related to design and electronics systems. In Iraq, insurgents intercepted Predaor drone feeeds using software downloade from the internet.

 

 

 

The solutions are available for this problem is the congress should considering legislation so that it would require all critical infrastructure companies to meet newer,thougher cybersecurity standards. As cyberwarefare technologies develop and become moe advanced, the standard imposed by this legislation will likwly be insufficient to defend against attacks. 

Secretary of Defense Gates ordered the creation of Cybercom, the first headquaters designed to coordinate government cybersecurity efforts. It was activated in May 2010. It will coordinate the operation and protection of military and Pentagon computer networks. It will coordidnate efforts to restrict access to government computers an protect systems that run the stock exchanges, clear global banking transactions and manage the air traffic control sysytem. Its ultimate goal will be to prevent catastrophic cyberattacks against the U.S. Some insiders suggest that it might not able to effectively organize the governmental agencies without irect to the Presient, which it currently lacks. 

Because spy agencies like the CIA are prohibited by law from acting on American soil, some people are proposing to entrust some of the cyberwarfare work to private defense contractors. There is no effective way for a domestic agency to conduct computer operations without entering prohibited networks within the U.S. or even conduct investigations in countries that are American allies. Preventing terrorist or cyberwar attacks may require examining some email messages from other countries or giving intelligence agencies more access to networks or Internet service providers.